Hugo Porcher

Malware Researcher

Hugo is a malware researcher at ESET. He focuses mainly on malicious software targeting UNIX-based operating systems (especially the Apple-flavoured ones). His previous research includes the analysis of 21 different Linux OpenSSH backdoor families (mostly undocumented). He has spoken at various conferences such as Botconf, GoSec and LCA. In his free time, he enjoys sliding sports such as surfing and skiing, and expanding his knowledge through various projects related to program analysis and CTF challenges.


Talk: Wajam: From a Start-up to Massive Spread Adware

How a Montreal-made "social search engine" application managed to become one of the most widely spread pieces of adware while escaping consequences.

Wajam Internet Technologies was a start-up founded in 2009 in Montreal. Its eponymous product was a "social search engine" solution that promised Internet search results based on your relations on social networks. Wajam was free to install. To monetize the software, the company started adding ads to search results. Gradually, Wajam began acting more and more like adware: it used pay-per-install platforms to distribute the application, and obfuscation and even kernel drivers (rootkit) to hide its malicious behavior from users and security products. According to D&B Hoovers, the company's net profit was estimated at CAD $4.2M in 2013.

After investigating the company, the Privacy Commissioner of Canada reported in 2017 that Wajam Internet Technologies had breached the Personal Information Protection and Electronic Documents Act (PIPEDA). This did not stop its activities: the company quickly sold all its assets to a virtual company based in Hong Kong to avoid Canadian authorities. In late 2018, new samples targeting both Windows and macOS emerged and were quickly linked to Wajam.

This talk will detail the technical findings on these recent variants and how they relate to the techniques Wajam used previously. The technical evolution of the samples collected over the years will be mapped against the unique history of the company. This timeline shows that behaviours that could be considered malicious are much older than one may realize, and that the self-protection methods used by the software are increasing in complexity and sophistication.